0
0
Kubernetesdevops~5 mins

Pod security admission controller in Kubernetes - Cheat Sheet & Quick Revision

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Recall & Review
beginner
What is the Pod Security Admission Controller in Kubernetes?
It is a built-in Kubernetes feature that checks pods against security policies before they are allowed to run, helping to enforce security standards.
Click to reveal answer
beginner
Name the three Pod Security Admission Controller policy levels.
The three levels are: Privileged, Baseline, and Restricted. Each level defines different security restrictions for pods.
Click to reveal answer
intermediate
How does the Pod Security Admission Controller enforce policies?
It intercepts pod creation or update requests and checks if the pod's security settings meet the policy. If not, it rejects the request.
Click to reveal answer
intermediate
What is the difference between the Baseline and Restricted policy levels?
Baseline allows common, less risky permissions for pods, while Restricted enforces stricter rules to minimize security risks.
Click to reveal answer
advanced
How can you enable the Pod Security Admission Controller in a Kubernetes cluster?
You enable it by configuring the API server with the --enable-admission-plugins flag including PodSecurity, and setting namespace labels to specify the policy level.
Click to reveal answer
Which Kubernetes feature checks pod security settings before allowing them to run?
APod Scheduler
BNetwork Policy
CConfigMap
DPod Security Admission Controller
What are the three policy levels of Pod Security Admission Controller?
APrivileged, Baseline, Restricted
BOpen, Closed, Custom
CAdmin, User, Guest
DLow, Medium, High
Which policy level allows the most permissions to pods?
APrivileged
BBaseline
CRestricted
DNone
How does the Pod Security Admission Controller reject a pod?
ABy deleting the pod after creation
BBy restarting the pod automatically
CBy blocking the pod creation request if it violates policy
DBy sending an alert but allowing the pod
How do you specify which Pod Security policy applies to a namespace?
ABy editing the pod spec
BBy setting labels on the namespace
CBy configuring the kubelet
DBy changing the node configuration
Explain how the Pod Security Admission Controller helps improve Kubernetes cluster security.
Think about how it acts like a security guard for pods.
You got /4 concepts.
    Describe the differences between the Privileged, Baseline, and Restricted Pod Security policies.
    Compare the level of permissions allowed by each policy.
    You got /4 concepts.